Is there new 'hackproof' cyber defense? Air Force, industry test new system

Two U.S. Air Force F-22 Raptor stealth jet fighters fly near Andersen Air Force Base in this handout photo dated August 4, 2010. (REUTERS/U.S. Air Force/Master Sgt. Kevin J. Gruenwald/Handout)

The Air Force is working with industry to test an emerging cybersecurity technology which has not as of yet been “hacked,” despite massive amounts of attempted penetrations.

The software, made by Merlin Cyrption, is engineered to defeat advanced AI and Quantum computing hacking techniques by “never repeating a pattern,” developers say.

Engineers of the new product explain that AI and Quantum computing are able to crack sophisticated encryption by recognizing patterns and analyzing mathematical sequences.

“This encryption is non-deterministic and never repeats patterns. This cannot be broken through statistical analysis. It is not based on math. All encryption algorithms are based on math and this one is not,” Brandon Brown, Merlin Cyrption CEO told Warrior Maven in an interview.

While Brown is careful to avoid the term “not-hackable,” she does say the technology has so far not been penetrated by the some of the most advanced hacking techniques available today.

“There has been a lot of testing and it has not been hacked,” she said. “Whatever input you put in, you will get a different output.”

Along with the Air Force, the software has been tested by the Louisiana-based Cyber Innovation Center and the Univ. of Louisiana.

Brown is naturally reluctant to specify many of the details of this new method for proprietary reasons, but she did offer a broad overview of how the technology operates.

“It uses a random data generator that never repeats a pattern. This puts it in a good position to overcome AI and Quantum computing,” Brown added.

The new software has yet to be formally deployed by the U.S. military, but has already been applied in the private sector.

Merlin Cyrption’s technology bears some resemblance, at least in concept and application, to another “yet-to-be-hacked” computer network called STTarxx.

While still developing the technology to enable it to be more fully applicable to large networks, engineers working on STTarxx say they do have an operational “closed network” impenetrable to attempted enemy intrusions.

In a manner that is both different and somewhat analogous to methods used by Merlin Cyrption, STTarxx uses “random” encryption designed to be “untrackable” by even the most advanced algorithms.

“If you set up a network computer to computer and you implement a STTarxx network, we actually take over the internet and you can’t do anything else but be on that network. It is a closed network,” Phil Gambell, Chief Business Development Officer, STT, told Warrior Maven in an interview.

Part of how STTarxx seeks to remain un-detectable is by not sending a message to potential intruders writing “you are not authorized” to access. The idea is not to confirm the network’s existence to would-be hackers.

“You can communicate on the network but you cannot be tracked. If someone tries to hack us, we do not send back a message that say ‘you are not authorized to enter.’ We are like a dark spot,” Gambell added.

One industry cybersecurity expert called the new technology “what the government has been looking for… a single solution to protect digital assets,” yet emphasized that the emerging tech may encounter challenges when it comes to implementation.

“The challenge that this approach has is that it threatens other technologies and investments in lesser capable solutions. Particularly when defense and infrastructure programs such as nuclear power plants and electrical grids have invested heavily on patch -working their networks and systems,” Jerry Torres, CEO of Torres Advanced Enterprise Solutions, a private firm providing cyber forensics training to US and friendly foreign governments.

Torres’s white hat hackers conducted penetration testing with the STTarxx development team and confirmed the strength of the system. “The solution was invisible to the hackers,” Torres said.

Although the Air Force does not often comment in detail on these kinds of technologies while they are under review, the service has been making a decided effort to improve security on their networks. As part of this effort, they have also had some success in preventing “hacking.”

Last year, the Air Force conducted a “Hack the Air Force” event where they encouraged the best and brightest private sector hackers to attempt penetrating their networks.

The event, called HackerOne, brought some of the world’s elite hackers to the event. Air Force reports say they were happy to see that their sites were not that easy to crack. Hackers looked for bugs and vulnerabilities, and found some, only to then learn they had already been patched or addressed.

“They (the hackers) were impressed,” Lt. Col. Jonathan Joshua, 24th AF Deputy Chief of Staff, said in a written Air Force report. “As a vulnerability was identified, shortly thereafter, hackers would be attempting to highlight the vulnerability to another team of hackers…but the vulnerability had already been patched.”

The Air Force has, for quite some time, been aggressive in its pursuit of cybersecurity, given today’s threat environment. The service has established several new Cyber Squadron units tasked with teaching improved cyber hygiene for security and sharpening a service-wide emphasis upon cybersecurity. Also, the service is looking at some advanced cyber defense methods which use automation to replication human user behavior online. This is done for the specific purpose of luring, and then tracking, would-be hackers, intruders and enemies.

Also, stay tuned for an upcoming Warrior Maven report on the Air Force’s emerging Cyber Resilience of Weapons System office, a particular high-tech effort now underway to cyber harden weapons systems and data networks.